DalFox: Parameter Analysis and XSS Scanning Tool Based on Golang (Finder Of XSS)


Dalfox is a parameter analysis and Cross-site Scripting (XSS) scanner built on a DOM (Document Object Model) parser. Besides XSS, Dalfox also tests for SQL injection (SQLi), Server-Side Template Injection (SSTI), and open redirects. The tool is written in Go (Golang). On the target web application, Dalfox can detect reflected, stored, and blind XSS. The main idea is to analyze parameters, look for XSS, and verify the findings using the DOM parser.

Key Features:

  1. Dalfox uses parameter analysis to detect reflected parameters.
  2. Dalfox finds free/bad characters and identifies the injection point.
  3. Dalfox performs static analysis and looks for problematic headers such as CSP, X-Frame-Options, and so forth.
  4. Dalfox optimizes its payload queries: it checks the injection point through abstraction and generates a fitting payload.
  5. Dalfox filters out unneeded payloads based on the bad characters.
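
The first three steps above can be reproduced on a single captured response to check an application's own output encoding and headers. The following is an added example, not Dalfox's code: the marker `dfxq1`, the probe convention (marker, then `<>"'`, then marker), the `Report` type and the sample response are all assumptions constructed for illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"strings"
)

// Report is the analysis of one response for one probed parameter.
type Report struct {
	Reflected bool     // marker found in the body
	Unencoded []string // special characters echoed back verbatim
	Headers   []string // header findings
}

// Analyze assumes the probe value was marker + `<>"'` + marker (constructed convention).
func Analyze(h http.Header, body, marker string) Report {
	var r Report
	if start := strings.Index(body, marker); start >= 0 {
		r.Reflected = true
		rest := body[start+len(marker):]
		if end := strings.Index(rest, marker); end >= 0 {
			for _, c := range []string{"<", ">", `"`, "'"} {
				if strings.Contains(rest[:end], c) {
					r.Unencoded = append(r.Unencoded, c)
				}
			}
		}
	}
	csp := h.Get("Content-Security-Policy")
	switch {
	case csp == "":
		r.Headers = append(r.Headers, "no Content-Security-Policy")
	case strings.Contains(csp, "'unsafe-inline'"):
		r.Headers = append(r.Headers, "CSP allows 'unsafe-inline'")
	}
	if h.Get("X-Frame-Options") == "" && !strings.Contains(csp, "frame-ancestors") {
		r.Headers = append(r.Headers, "no X-Frame-Options or frame-ancestors")
	}
	return r
}

// sample runs Analyze on a constructed response that encodes < and > but not quotes.
func sample() Report {
	h := http.Header{}
	h.Set("Content-Security-Policy", "default-src 'self'; script-src 'self' 'unsafe-inline'")
	return Analyze(h, `<input name="q" value="dfxq1&lt;&gt;"'dfxq1">`, "dfxq1")
}

func main() { fmt.Printf("%+v\n", sample()) }
```

In the sample, the quotes come back unencoded inside an attribute value, which tells the developer that attribute-context encoding is missing even though `<` and `>` are escaped.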

Disclaimer: This tool is intended strictly for educational use and should not be used for any other purpose.

Download Link: https://github.com/hahwul/dalfox
